Re: chmod of active swap file blocks

From: Erik Andersen
Date: Thu Jan 01 2004 - 16:54:16 EST


On Thu Jan 01, 2004 at 03:10:27PM +0100, Andries Brouwer wrote:
> On Thu, Jan 01, 2004 at 02:12:41AM -0800, Andrew Morton wrote:
> > Neale Banks <neale@xxxxxxxxxxxxxxxx> wrote:
> > >
> > > How much of the original problem goes away if swapon(8) were to refuse to
> > > activate a file/device which has ownership/mode which it doesn't like?
> >
> > I think swapon(8) should at least warn when the swapfile has inappropriate
> > permissions. It's an obvious and outright security hole.
>
> swapon had this warning for a while, but that generated lots of complaints.
> Now this message is printed only when the -v (verbose) flag is given.

Perhaps swapon should automagically do a chmod and chown on all
swapfiles, unless specifically asked to be wildly insecure
(perhaps with a -W option -- wildly insecure swapfile permissions
are considered acceptable)....

-Erik

--
Erik B. Andersen http://codepoet-consulting.com/
--This message was written using 73% post-consumer electrons--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/